"Johannes Schindelin via GitGitGadget" <gitgitgadget@xxxxxxxxx> writes: > I would appreciate reviews with a particular eye on keeping users safe: I am > not 100% certain that all relevant file writes go through the index (I think > that they all go through the index, but I might have well missed a corner > case). There are peripheral commands that do not use the index at all, such as "archive"; piping "git archive" output to unarchiver that writes into the filesystem would be a way. But I do not think that qualifies as an attack vector you are looking for.
